Privacy Policy

Admin

At The Seated Queen, we are committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data.

Who We Are

The Seated Queen is operated by The Seated Queen Ltd, a skincare company registered in England.

Our registered office address is:

The Seated Queen Ltd
27 High Street
Salisbury
SP1 2NU

We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZA548237.

What Data We Collect

We collect data to operate our business effectively and provide you with the best experience.

We may collect:

Identity Data including your name, title and date of birth
Contact Data including billing address, email and phone numbers
Financial Data including payment card details and order history
Transaction Data including order details, products purchased and delivery details
Technical Data including your IP address, browser type and operating system
Profile Data including preferences, login details, order history and newsletter subscriptions
Usage Data including information about how you use our website and interact with emails
Marketing and Communications Data including preferences for receiving marketing from us

We collect data in the following ways:

Directly from you when you provide information to open an account, place an order, sign up to our newsletter, take part in a survey or communicate with us.
From your use of our services including transaction data, usage data and technical data.
From third parties occasionally we may receive data from analytics providers like Google based outside the EU.
Publicly available sources such as Companies House.

How We Use Your Data

We use your data to:

Provide products and services including processing orders and delivering packages.
Process payments including card transactions, refunds and recalls.
Manage your account including registration, account access and fulfilling orders.
Personalise your experience including website customisation, product recommendations and marketing messages.
Improve our offerings including tracking usage data, preferences and reviewing feedback to develop new products.
Communicate with you including responding to queries, sending updates and marketing where you have consented.
Protect our business interests including legal rights, safety of staff and customers, and IT security.

Our legal basis for processing data:

Legitimate interests – to manage our business, provide services and communicate.
Contractual obligations – to fulfil orders and manage your account.
Legal compliance – to conform with regulations and assist law enforcement.
Consent – to send marketing with your permission which can be withdrawn.

Who Has Access

The Seated Queen staff who need access to perform their roles, including customer service, marketing, IT and management.

We use trusted third party providers to assist in delivering our services, including:

Web and App Development (Shopify, Google Analytics)
Payments (Stripe, PayPal)
Shipping (Royal Mail, DPD, DHL)
Marketing (MailChimp, Google Ads)
IT Infrastructure and Support (AWS, Hubspot, Intercom)

All providers are vetted, bound by confidentiality and we only permit access required to perform their function.

We may also share data with:

Legal and regulatory bodies if required by law
Law enforcement to assist investigations
Parties involved in a business transition like a merger or acquisition

We require all third parties to respect our data privacy standards and not to sell your personal information.

International Data Transfers

Some third party providers we use are based outside the European Economic Area (EEA) so their processing of your personal data will involve an international transfer outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure an adequate level of protection is in place in compliance with UK GDPR including:

Transferring to countries approved as providing adequate data protection by the UK like Canada.
Using Privacy Shield Frameworks when transferring data to the US.
Ensuring standard data protection clauses approved by the UK are in place.

Data Retention

We retain your data as long as needed to provide our services and comply with legal obligations. This includes:

Account information – for as long as your account remains active.
Transaction data – for 7 years after purchase for accounting purposes.
Marketing data – until you opt out or unsubscribe.
Website usage data – for 3 years from when it was collected.

When no longer needed, data is securely and permanently deleted or destroyed.

Your Rights

Under UK GDPR, you have rights regarding your personal data:

Right of access to obtain copies of your data
Right to rectification to correct inaccurate or incomplete data
Right to erasure to request we delete your data, subject to legal exceptions
Right to restrict processing to limit how we use your data
Right to data portability to obtain usable copies to transfer to other services
Right to object to processing including for direct marketing
Rights regarding automated decision making and profiling

To make a request, please contact our Data Protection Officer using the contact details in the Who We Are section. We may request specific information to confirm your identity before fulfilling requests.

You also have the right to lodge a complaint with the ICO if you believe we have not complied with data protection regulations.

Cookies

Our website uses essential cookies to enable core functionality like page navigation and access to secure areas. No personal data is stored in these cookies.

We also use analytical cookies to help us improve your online experience. For example, we can see how website areas are used and what content interests you most.

You can consent to non-essential cookies below. You can also manage cookie preferences in your browser settings.

Marketing Preferences

We may send you relevant news, product updates and offers by email where you have consented to receive these.

You are in full control and can change your preferences anytime by:

Clicking unsubscribe in an email
Logging into your account and updating your preferences
Contacting us by phone or email

Security

We take data security seriously and use appropriate tools to protect against unauthorised access, accidental loss, disclosure and destruction. Measures include:

SSL encryption of data in transit and at rest
Strong password policies
Access controls for staff and third parties
Testing and audits to identify vulnerabilities

Whilst we strive to protect your data, no system can be completely secure so we cannot guarantee security. If you become aware of a breach, please report this to us immediately.

Age Limits

To place an order, you must be over 18 years old. Our services are not aimed at children under 16 and we do not knowingly collect their data. If you suspect we have data on a child, please contact us.

Changes to this Policy

We may occasionally make changes to this policy for example when introducing new services or technologies. The most current version will always be available on our website – please check back regularly.

This policy was last updated on 1st January 2021.